mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-10-03 07:38:10 +00:00
SUNRPC: Remove gss_import_v1_context()
We no longer support importing v1 contexts. Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
This commit is contained in:
Chuck Lever
parent
6964629f4c
commit
da33d635bb
1 changed files with 1 additions and 141 deletions
|
|
@ -273,143 +273,6 @@ const struct gss_krb5_enctype *gss_krb5_lookup_enctype(u32 etype)
|
|||
}
|
||||
EXPORT_SYMBOL_IF_KUNIT(gss_krb5_lookup_enctype);
|
||||
|
||||
static struct crypto_sync_skcipher *
|
||||
gss_krb5_alloc_cipher_v1(struct krb5_ctx *ctx, struct xdr_netobj *key)
|
||||
{
|
||||
struct crypto_sync_skcipher *tfm;
|
||||
|
||||
tfm = crypto_alloc_sync_skcipher(ctx->gk5e->encrypt_name, 0, 0);
|
||||
if (IS_ERR(tfm))
|
||||
return NULL;
|
||||
if (crypto_sync_skcipher_setkey(tfm, key->data, key->len)) {
|
||||
crypto_free_sync_skcipher(tfm);
|
||||
return NULL;
|
||||
}
|
||||
return tfm;
|
||||
}
|
||||
|
||||
static inline const void *
|
||||
get_key(const void *p, const void *end,
|
||||
struct krb5_ctx *ctx, struct crypto_sync_skcipher **res)
|
||||
{
|
||||
struct crypto_sync_skcipher *tfm;
|
||||
struct xdr_netobj key;
|
||||
int alg;
|
||||
|
||||
p = simple_get_bytes(p, end, &alg, sizeof(alg));
|
||||
if (IS_ERR(p))
|
||||
goto out_err;
|
||||
switch (alg) {
|
||||
case ENCTYPE_DES_CBC_CRC:
|
||||
case ENCTYPE_DES_CBC_MD4:
|
||||
case ENCTYPE_DES_CBC_MD5:
|
||||
/* Map all these key types to ENCTYPE_DES_CBC_RAW */
|
||||
alg = ENCTYPE_DES_CBC_RAW;
|
||||
break;
|
||||
}
|
||||
if (!gss_krb5_lookup_enctype(alg)) {
|
||||
pr_warn("gss_krb5: unsupported enctype: %d\n", alg);
|
||||
goto out_err_inval;
|
||||
}
|
||||
|
||||
p = simple_get_netobj(p, end, &key);
|
||||
if (IS_ERR(p))
|
||||
goto out_err;
|
||||
tfm = gss_krb5_alloc_cipher_v1(ctx, &key);
|
||||
kfree(key.data);
|
||||
if (!tfm) {
|
||||
pr_warn("gss_krb5: failed to initialize cipher '%s'\n",
|
||||
ctx->gk5e->encrypt_name);
|
||||
goto out_err_inval;
|
||||
}
|
||||
*res = tfm;
|
||||
|
||||
return p;
|
||||
|
||||
out_err_inval:
|
||||
p = ERR_PTR(-EINVAL);
|
||||
out_err:
|
||||
return p;
|
||||
}
|
||||
|
||||
static int
|
||||
gss_import_v1_context(const void *p, const void *end, struct krb5_ctx *ctx)
|
||||
{
|
||||
u32 seq_send;
|
||||
int tmp;
|
||||
u32 time32;
|
||||
|
||||
p = simple_get_bytes(p, end, &ctx->initiate, sizeof(ctx->initiate));
|
||||
if (IS_ERR(p))
|
||||
goto out_err;
|
||||
|
||||
/* Old format supports only DES! Any other enctype uses new format */
|
||||
ctx->enctype = ENCTYPE_DES_CBC_RAW;
|
||||
|
||||
ctx->gk5e = gss_krb5_lookup_enctype(ctx->enctype);
|
||||
if (ctx->gk5e == NULL) {
|
||||
p = ERR_PTR(-EINVAL);
|
||||
goto out_err;
|
||||
}
|
||||
|
||||
/* The downcall format was designed before we completely understood
|
||||
* the uses of the context fields; so it includes some stuff we
|
||||
* just give some minimal sanity-checking, and some we ignore
|
||||
* completely (like the next twenty bytes): */
|
||||
if (unlikely(p + 20 > end || p + 20 < p)) {
|
||||
p = ERR_PTR(-EFAULT);
|
||||
goto out_err;
|
||||
}
|
||||
p += 20;
|
||||
p = simple_get_bytes(p, end, &tmp, sizeof(tmp));
|
||||
if (IS_ERR(p))
|
||||
goto out_err;
|
||||
if (tmp != SGN_ALG_DES_MAC_MD5) {
|
||||
p = ERR_PTR(-ENOSYS);
|
||||
goto out_err;
|
||||
}
|
||||
p = simple_get_bytes(p, end, &tmp, sizeof(tmp));
|
||||
if (IS_ERR(p))
|
||||
goto out_err;
|
||||
if (tmp != SEAL_ALG_DES) {
|
||||
p = ERR_PTR(-ENOSYS);
|
||||
goto out_err;
|
||||
}
|
||||
p = simple_get_bytes(p, end, &time32, sizeof(time32));
|
||||
if (IS_ERR(p))
|
||||
goto out_err;
|
||||
/* unsigned 32-bit time overflows in year 2106 */
|
||||
ctx->endtime = (time64_t)time32;
|
||||
p = simple_get_bytes(p, end, &seq_send, sizeof(seq_send));
|
||||
if (IS_ERR(p))
|
||||
goto out_err;
|
||||
atomic_set(&ctx->seq_send, seq_send);
|
||||
p = simple_get_netobj(p, end, &ctx->mech_used);
|
||||
if (IS_ERR(p))
|
||||
goto out_err;
|
||||
p = get_key(p, end, ctx, &ctx->enc);
|
||||
if (IS_ERR(p))
|
||||
goto out_err_free_mech;
|
||||
p = get_key(p, end, ctx, &ctx->seq);
|
||||
if (IS_ERR(p))
|
||||
goto out_err_free_key1;
|
||||
if (p != end) {
|
||||
p = ERR_PTR(-EFAULT);
|
||||
goto out_err_free_key2;
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
||||
out_err_free_key2:
|
||||
crypto_free_sync_skcipher(ctx->seq);
|
||||
out_err_free_key1:
|
||||
crypto_free_sync_skcipher(ctx->enc);
|
||||
out_err_free_mech:
|
||||
kfree(ctx->mech_used.data);
|
||||
out_err:
|
||||
return PTR_ERR(p);
|
||||
}
|
||||
|
||||
#if defined(CONFIG_RPCSEC_GSS_KRB5_CRYPTOSYSTEM)
|
||||
|
||||
static struct crypto_sync_skcipher *
|
||||
|
|
@ -622,10 +485,7 @@ gss_krb5_import_sec_context(const void *p, size_t len, struct gss_ctx *ctx_id,
|
|||
if (ctx == NULL)
|
||||
return -ENOMEM;
|
||||
|
||||
if (len == 85)
|
||||
ret = gss_import_v1_context(p, end, ctx);
|
||||
else
|
||||
ret = gss_import_v2_context(p, end, ctx, gfp_mask);
|
||||
ret = gss_import_v2_context(p, end, ctx, gfp_mask);
|
||||
memzero_explicit(&ctx->Ksess, sizeof(ctx->Ksess));
|
||||
if (ret) {
|
||||
kfree(ctx);
|
||||
|
|
|
|||
Loading…
Reference in a new issue